692b8425b9
## Description Fix issues found by screaming frog - Use https:// for links - Add missing cookies page back - Add missing alt-text - Use dashes instead of underscores for better search engine indexing - Fix internal redirects ## Does this PR need a docs update or release note? - [x] ⛔ No ## Type of change - [x] 🐛 Bugfix
4.8 KiB
description
| description |
|---|
| Configure backup repository |
Repositories
import CodeBlock from '@theme/CodeBlock'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; import TOCInline from '@theme/TOCInline'; import {Version} from '@site/src/corsoEnv';
A Corso repository stores encrypted copies of your backup data. Corso uses AES256-GCM-HMAC-SHA256 to encrypt data at rest using keys that are derived from the repository passphrase. Data in flight is encrypted via TLS.
Repositories are supported on the following object storage systems:
:::note Depending on community interest, Corso will add support for other object storage backends in the future. :::
Amazon S3
Prerequisites
Before setting up your Corso S3 repository, the following prerequisites must be met:
- The S3 bucket for the repository already exists. Corso won't create it for you.
- You have access to credentials for a user or an IAM role that has the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
],
"Resource": [
"arn:aws:s3:::<YOUR_BUCKET_NAME>",
"arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
]
}
]
}
Credential setup
Corso supports the credential options offered by the AWS Go SDK. For Full details, see the Specifying Credentials section of the official documentation. The two most commonly-used options are:
-
Environment variables - set and export
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY. If using temporary credentials derived by assuming an IAM Role, you will also needAWS_SESSION_TOKEN. -
Credentials file - ensure that the credentials file is available to Corso (for example, may need to map it if using Corso as a container). You may also want to set and export
AWS_PROFILE, if not using the default profile, andAWS_SHARED_CREDENTIALS_FILE, if not using the default file location. You can learn more about the AWS CLI environment variables here.
Initialize repository
Before first use, you need to initialize a Corso repository with corso repo init s3. See the command details
here.
# Initialize the Corso Repository
$Env:CORSO_PASSPHRASE = "CHANGE-ME-THIS-IS-INSECURE"
.\corso repo init s3 --bucket corso-test
# Initialize the Corso Repository
export CORSO_PASSPHRASE="CHANGE-ME-THIS-IS-INSECURE"
./corso repo init s3 --bucket corso-test
{
# Initialize the Corso Repository export CORSO_PASSPHRASE="CHANGE-ME-THIS-IS-INSECURE" docker run --env-file $HOME/.corso/corso.env \\ --volume $HOME/.corso:/app/corso ghcr.io/alcionai/corso:${Version()} \\ repo init s3 --bucket corso-test
}
Connect to a repository
If a repository already exists, you can connect to it with corso repo connect s3. See the command details
here.
# Connect to the Corso Repository
.\corso repo connect s3 --bucket corso-test
# Connect to the Corso Repository
./corso repo connect s3 --bucket corso-test
{
# Connect to the Corso Repository docker run --env-file $HOME/.corso/corso.env \\ --volume $HOME/.corso:/app/corso ghcr.io/alcionai/corso:${Version()} \\ repo connect s3 --bucket corso-test
}
S3-compatible object storage
Configuring Corso to use object storage systems compatible with the AWS S3 API (for example, Google Cloud Storage,
Backblaze B2, MinIO, etc.) is almost identical to the Amazon S3 instructions above with the exception that you will
need to use the following flag with the initial Corso repo init command:
--endpoint <domain.example.com>
Testing with insecure TLS configurations
Corso also supports the use of object storage systems with no TLS certificate or with self-signed
TLS certificates with the --disable-tls or --disable-tls-verification flags.
These flags should only be used for testing.